Displaying 20 results from an estimated 1000 matches similar to: "Announce: X.509 certificates support in OpenSSH version 5.4"
2004 Aug 19
0
Announce: X.509 certificates support in OpenSSH-3.9p1
Hi All,
Diffs of "X.509v3 certificates support for OpenSSH" versions
g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for
download.
Please visit "http://roumenpetrov.info/openssh" for more information.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o
2004 Apr 07
0
Announce: X.509 certificates support in OpenSSH(version h-Validator)
I'm pleased to announce that the version "h"(code-name Validator) of
"X.509 certificates support in OpenSSH" is now available for immediate
download at http://roumenpetrov.info/openssh.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o OCSP (optional and
2012 Jan 15
0
X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
Hello list members,
I would like to inform that version 7.1 of X.509 certificate support) is
ready.
The just published update from "Integration" series offer direct support
of X.509 certificates based on RSA keys from PKCS11module. Another
integration update is that now you could you use FIPS capable OpenSSL
library in FIPS mode.
As result of above mentioned features
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All,
The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1
you can found diff for OpenSSH versions 4.4p1.
What's new:
* specific diff of 5.5 for OpenSSH 4.4p1
Because of OpenSSH source code changes, like include statements and new server
option
2007 Oct 26
0
Announce: X.509 certificates support in OpenSSH (version 6.1-International)
Hi All,
The version 6.1 of "X.509 certificates support in OpenSSH" is ready for
download. On page http://www.roumenpetrov.info/openssh/download.html you
can found diffs for OpenSSH versions 4.5p1,4.6p1 and 4.7p1.
Details ( from http://www.roumenpetrov.info/openssh ):
* distinguished name compare bug(security):
The bug affect versions 6.0 and 6.0.1 only. The work around is to
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen,
I discovered that the need of appending the .pub part of id_rsa(client
key+cert) on the server can be eliminated by adding the Certificate Blob
to authorized_keys which could look something like this:
x509v3-sign-rsa subject=
/C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com
This is extracted from the client certificate using openssl as
2006 Jan 22
0
Announce: X.509 certificates support in OpenSSH (version 5.3 from "Validator" series)
Hi All,
The version 5.3 of "X.509 certificates support in OpenSSH" is published.
This version adds preliminary support for "x509v3-sign-rsa-sha1"
and "x509v3-sign-dss-sha1" key type names in conformance with
"draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss
key type with signatures in "ssh-dss" format.
More details on page
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x509v3-sign-rsa
dynowork
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All,
X.509 certificates support for OpenSSH version 6.0p1 was published.
I brief new version include :
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS
enabled 1.0.1 stable release and korn shell
Yours sincerely,
Roumen Petrov
--
Get X.509 certificates support in OpenSSH:
2003 Jan 30
0
X.509 certificates support in OpenSSH - version f is ready
Hi all,
I have pleasure to announce new version f of "X.509 certificates support in OpenSSH"
Please to update your bookmarks/favorites with new location:
http://roumenpetrov.info/openssh
Old location is available too:
http://satva.skalasoft.com/~rumen/openssh
What's new:
* support "Certificate Revocation Lists" (CRLs)
* ssh-keyscan can show hostkey with
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have create a common CA and sign certificate for my gluster nodes, placed host certificate, key and common CA certificate into /etc/ssl/,
create a file called secure-access into /var/lib/glusterd/
Then, I start glusterd on all nodes, system work fine, I see with peer status all of my nodes.
No problem.
2008 Jan 14
0
Regarding the "X509v3 Certificates" patch
Dear List,
Regarding the "X509v3 Certificates" patch ... (See links below)
- http://marc.info/?l=openssh-unix-dev&m=110976923021961&w=2
- http://marc.info/?l=openssh-unix-dev&m=110973268111830&w=2
- http://roumenpetrov.info/openssh
How would I apply this patch to the OpenSSH currently in FreeBSD(.org) and/or PC-BSD(.org)??
Please CC: me on the reply because I
2023 Mar 10
1
OpenSSH FIPS support
Hi Joel,
Joel GUITTET wrote:
> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
There is no way to work with OpenSSL v3 due to many reasons.
If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH.
Regards,
Roumen Petrov
--
Advanced
2007 Aug 07
0
Announce: X.509 certificates support in OpenSSH (version 6.0-International)
Today, I released a new version of "X.509 certificates support in
OpenSSH" ( http://roumenpetrov.info/openssh/ ).
Version 6.0 add following enhancements:
- Printable X.509 name attributes compared in UTF-8
Printable attributes are converted to utf-8 before to compare. This
allow distinguished name in "authorized keys" file to be in UTF-8.
- "Distinguished Name"
2013 Jan 08
6
Why is localhost self-signed cert a CA cert?
I am building a mail server on Centos 6.3 and working with OpenSSL to
create a self-signed certificate for mail use.
Along the line of learning the 'best' options to use for OpenSSL and
dealing with the default SSL virtual host for Apache, I discovered that
the localhost cert created (I believe) during firstboot has the X509v3
extensions set as a CA cert (eg basicConstraint CA:TRUE).
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All,
Version 7.0 of "X.509 certificates support in OpenSSH" is ready for
immediate download.
This version allow client to use certificates and keys stored into
external devices. The implementation is based on openssl dynamic engines.
For instance E_NSS engine ( http://developer.berlios.de/projects/enss )
will allow you to
use certificates and keys from Firefox, SeaMonkey,
2018 May 25
2
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Can you implement revocation support?
On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote:
> No way, sorry.
>
> The OpenSSH certificate format was significantly motivated by X.509's
> syntactic and semantic complexity, and the consequent attack surface in
> the sensitive pre-authentication paths of our code. We're very happy to
> be able to
2005 Mar 10
0
X.509 certificates support for OpenSSH-4.0p1
I'm pleased to announce that X.509 certificates support
for OpenSSH-4.0p1 is now available for download.
Please visit http://roumenpetrov.info/openssh/ to get it.
Best regards,
Roumen Petrov
2005 Jun 13
0
Announce: X.509 certificates support in OpenSSH (version 5.2 from "Validator" series)
Hi All,
The version 5.2 of "X.509 certificates support in OpenSSH" is ready for download.
Available diffs are for OpenSSH versions 3.9p1, 4.0p1 and 4.1p1.
What's new:
* print CERT RR (resource record)
* verify remote key using DNS and CERT RR
* include not-pipeline patch
* work with OpenSSL 0.9.8betaX
Please visit "http://roumenpetrov.info/openssh/" for more information.
2009 Feb 23
0
Announce: X.509 certificates support v6.2 for OpenSSH version 5.2p1
Hi All,
Version 6.2 of "X.509 certificates support in OpenSSH" is ready for
immediate download. Visit "http://roumenpetrov.info/openssh/" for details.
Regards,
Roumen Petrov